-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

Responsive to communication(s) filed on 21 October 2003.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-15 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) □ Claim(s) ____ is/are allowed.

6) ☒ Claim(s) 1-15 is/are rejected.

7) □ Claim(s) ____ is/are objected to.

8) □ Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) 0 The specification is objected to by the Examiner.

10) ☒ The drawing(s) filed on 21 October 2003 is/are: a) ☒ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) \J None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. ____.

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s)

1) ☒ Notice of References Cited (PTO-892)
2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) ☒ Information Disclosure Statement(s) (PTO/SB/08), Paper No(s)/Mail Date: SEE ATTACHED
4) □ Interview Summary (PTO-413), Paper No(s)/Mail Date: ____
5) □ Notice of Informal Patent Application
6) □ Other: ____
DETAILED ACTION



Claims 1-15 have been examined. 

Information Disclosure Statement PTO-1449 

1. The Information Disclosure Statement submitted by applicant on 06/1/2004 and 
10/21/2003 has been considered. Please see attached PTO-1449. 



Claim Rejections - 35 USC § 102 



2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



3. Claims 1, 6, 8, 13, 14 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Jain et al. (US Patent Application Publication No. 2003/0131116, filed June 21, 
2002). 
3.1. As per claim 1, Jain is directed to a method of securing a device having data
communication capability (Fig. 2 and associated text shows a firewall, which secures
the network device that sends packets received at item 202), comprising dynamically
detecting a control connection, which originates from said device (parag. 18-20, where
the dynamically negotiated ports are identified by the stateful firewall. Note that parag.
4-6 give the example of an FTP connection, which dynamically allocates ports and uses them.
FTP connections inherently initiate a control channel and a data channel (see
Charavarty parag. 37-40 as evidence)), noticing negotiation of a related connection
within said control connection, said negotiation comprising at least defining a port of
the device for said related connection (parag. 31 to 38, where the main (control)
channel and the additional FTP channels and ports are identified by the firewall),
checking if relationship between said port of the device and the control connection
fulfills predefined criteria, and conditionally blocking said related connection, if said port
of the device does not fulfill said predefined criteria (parag. 45 shows that the
dynamically negotiated FTP channel is fully identified (ports associated with the control
channel identified as described above), and a policy is enforced. The policy is the
predefined criteria, and as described in parag. 138-139, enforcing includes
conditionally blocking the connection).

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 2-5, 7, 9-12, 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Jain and further in view of Hall (US Patent Application Publication 
No. 2004/0054928, filed June 17, 2002). 

5.2. As per claim 2, Jain is directed to a method according to claim 1. However, Jain
does not explicitly discuss the criteria, wherein the predefined criteria requires that said 
port of the device is opened within a predefined time window in relation to noticing 
negotiation of a related connection within said control connection. 

Security policies commonly require a response to an initiation command to be received 
within a predefined time interval. This is to mitigate attacks such as masquerading or 
spoofing, where a response from the authorized server is stolen and replaced by
an attacker's response. As an example, Hall teaches a system for detecting intrusion
(abstract), which enforces a policy of requiring a response to a command to be
received in a predetermined time interval. Parag. 24 to 27 describe initiation of an FTP
connection, which is monitored and allowed to complete if the response to an initiation 
is received within a time interval (see Fig. 2, time interval between T1 and T2). 
Jain teaches a stateful firewall that monitors and identifies an FTP connection and the
negotiated ports, and allows configuration of a policy to enforce security of the FTP
connection based on the identified elements of the connection. Hall shows that an FTP
connection is monitored to verify if the response to a connection initiation is received
within a predetermined time interval. Therefore, it would have been obvious to a person
skilled in the art to combine Jain and Hall, and set a policy (criteria) in Jain's system to only
allow the connection to proceed if the response to an initiation command (opening of
the port) is received within a time interval from when the initiation command (control
channel) was sent.

The motivation to do so is prevention of spoofing attacks, which rely on blocking the
response from the authorized device and replacing it with a response from the attacker.

5.3. As per claim 3, Jain is directed to a method according to claim 1, wherein said
predefined criteria requires that said control connection and said port of the device are
opened by the same process family (Jain teaches a tree based classifier, which
determines the parent processes of connections (as defined by specification, when two
processes have the same parent process, they are in the same process family). As
shown in Fig. 1, the FTP process itself and the Dynamic TCP port from FTP have a
parent process, identified by Jain's classifier (the TCP process). As shown in parag. 39
and 45, Jain enforces a common policy based on classification tree, and a common
policy is to allow a connection initiated by the same process (TCP)).
5.4. As per claim 4, Jain is directed to a method according to claim 1, wherein said device
is running an applet (running applets are inherent in web applications, which is taught
as part of Hall's system).

5.5. As per claim 5, Jain is directed to a method according to claim 4, wherein said control
connection originates from the applet (see response to claim 4, and note that web
clients inherently originate an FTP connection using applets).

6. Limitations of claims 6-15 are substantially the same as limitations of claims 1-5
above.

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on (571) 272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 